PayPal Security Loophole

Banknote - 50.000.000 Mark - Deutsches Reich - 25.07.1923 Public Domain

Criminals see PayPal-related messages as an easy route for fraud. Many such requests are quick to spot because they do not relate to any known purchase. Another tell-tale sign is that the sender's details and any web links within the message do not follow the expected PayPal URL format, although scammers often go a long way towards imitating it.

One way that fraudsters avoid being revealed through the message headers or the URL text is to work from within a genuine PayPal account. This could be one that they own or a compromised account that they have gained access to. The receiver of the message will be reassured that the email headers and the PayPal links are all genuine (because they are), and following them through will lead to the details of an authentic transaction request on PayPal. The trick is to put the key to the scam within the 'note' section of a genuine invoice or request for funds. This section is designed for messages about the goods exchanged but its content is not strongly policed by PayPal. A genuine use might be the address to send goods to, but in this scam it will include details on how to complain if the transaction seems to be in error. These contact details will not lead to PayPal but to a portal controlled by the fraudster.

The hook revolves around sending a PayPal invoice or request for funds that is clearly in error, and the receiver reporting the incident to what they believe is PayPal. The contact web link or phone number listed within the transaction note is the entry into the fraudster's system. The mark will report the transaction to avoid what they assume will be an automated transfer of funds, but will instead be tricked into disclosing personal details or downloading malware. In one example reported by KrebsOnSecurity a spoof call centre attempted to have the mark download a remote administration tool.
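The tell in this scam is not the sender or the links, which are genuinely PayPal's, but the free-text note carrying a phone number or a URL that is not under paypal.com. The following is an added example, not PayPal's code or the code of anyone named on this page, of a small triage filter that inspects such notes: it extracts URL-like tokens and phone-number-like tokens, and flags any URL whose host is not paypal.com or a subdomain of it (so a look-alike such as paypal.com.something.net is still flagged) and any phone number at all, since a legitimate shipping address rarely needs one. The sample notes are constructed for the example and the host check assumes paypal.com is the only legitimate domain.

```python
"""Triage filter for the free-text note on a PayPal invoice or money request.

Added example, not PayPal's own code. The sample notes below are constructed
for illustration; the list of legitimate domains is an assumption.
"""
import re
from urllib.parse import urlparse

# Assumption: only paypal.com and its subdomains count as on-platform.
PAYPAL_DOMAINS = ("paypal.com",)

# A URL with a scheme or www. prefix, or a bare domain ending in a common TLD
# (the TLD list keeps ordinary prose such as "order.Please" from matching).
URL_RE = re.compile(
    r"(?:https?://|www\.)[^\s<>\"']+"
    r"|\b(?:[a-z0-9-]+\.)+(?:com|net|org|info|biz|co|io|xyz|top|site|online|help|support)\b(?:/[^\s]*)?",
    re.I,
)
# Optional +, a digit, then at least 8 digits/separators, ending in a digit.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")


def host_of(token):
    """Hostname of a URL-like token, lower-cased; empty string if none."""
    token = token.rstrip(".,;:)")
    if "://" not in token:
        token = "http://" + token
    return (urlparse(token).hostname or "").lower()


def is_paypal_host(host):
    """True only for paypal.com itself or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in PAYPAL_DOMAINS)


def inspect_note(note):
    """Return a list of (kind, value) findings for off-platform contact details."""
    findings = []
    for m in URL_RE.finditer(note):
        host = host_of(m.group(0))
        if host and not is_paypal_host(host):
            findings.append(("external_url", m.group(0).rstrip(".,;:)")))
    for m in PHONE_RE.finditer(note):
        digits = re.sub(r"\D", "", m.group(0))
        if 10 <= len(digits) <= 15:  # plausible national/international length
            findings.append(("phone", m.group(0).strip()))
    return findings


def verdict(note):
    """'suspicious' if the note carries any off-platform contact route."""
    return "suspicious" if inspect_note(note) else "clean"


# Constructed sample notes (not real transactions).
SAMPLE_NOTES = {
    "legit": "Please ship to 12 High Street, Leeds LS1 4AB. Thanks!",
    "scam_phone": "If you did not authorise this payment, call our fraud desk on "
                  "+1 (888) 555-0199 within 24 hours to cancel.",
    "scam_link": "Unexpected charge? Dispute it at "
                 "https://paypal.com.secure-refund-center.net/cancel or www.pp-refunds.info",
    "paypal_link": "Details at https://www.paypal.com/activity",
}

if __name__ == "__main__":
    for name, note in SAMPLE_NOTES.items():
        print(f"{name:12s} {verdict(note):10s} {inspect_note(note)}")
```

The filter is deliberately biased towards flagging: a phone number in a shipping note is unusual enough that a human review is cheap, while missing the one note that routes the victim to a fake call centre is not. The host check compares the full hostname rather than searching for the substring "paypal", which is exactly the trick a look-alike domain relies on.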

PayPal recognises that scammers attempt to manipulate its systems and offers advice to users who see suspicious activity. Where a request appears to be from PayPal, the receiver should look up PayPal's contact details online and not rely on any embedded within the original message. An unpaid invoice or money request moves no funds until the recipient pays it, so there is no need to act on the urgency the note tries to create; it can simply be cancelled or ignored from within the PayPal account. The original message should be forwarded to phishing@paypal.com, who will investigate the source account.
